RE: PIX ssh access

From: Jim Devane (jdevane@nevadanap.com)
Date: Wed Aug 09 2006 - 14:04:04 ART

• Next message: Tom Larus: "Re: How to Start Over Again ?"
• Previous message: Hough, Earl: "RE: BGP regexp - AS count"
• Maybe in reply to: Stefan Grey: "PIX ssh access"
• Next in thread: Stefan Grey: "RE: PIX ssh access"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Why would you need an ssh client?
His syntax from the router is perfectly valid (assuming .... Is the
address of the pix and he egress IP is 1.1.1.1) It seems to me loading
up putty et. al will only get you the same error.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
john matijevic
Sent: Wednesday, August 09, 2006 9:39 AM
To: Stefan Grey
Cc: ccielab@groupstudy.com
Subject: Re: PIX ssh access

Hello Stefan,
In order to test ssh, you will need a ssh client like Putty for free,
than you will try to connect. If you have any further issues, please
discuss offline.
Sincerely,
John

On 8/9/06, Stefan Grey <examplebrain@hotmail.com> wrote:
>
> Hello,
> I use pretty simple config on PIX
> to configure SSH access to it:
>
> domain-name cisco.com
> ca generate rsa key 768
> ssh 1.1.1.1 255.255.255.255 inside
> aaa-server tacacs+ (inside) host 20.20.20.20 cisco aaa authentication
> ssh console TACACS+
>
> The authentication on PIX works fine. Everything seems to be
> configured correctly. But I want to check that it really works. Did
> you tried to check if it works??
>
> I used ssh command on the router connected to it.
>
> ssh -l ciscoman ....
> But it doesn't connect and tells me:
> Remote host refused the connection.
>
> Does anybody have any idea what I did wrong?? If not so how can I
> verify that ssh connection really works??? (In fact any ssh configs on

> PIx... and I didn't manage to connect to it by the router).
>
> Thanks you. YOur help very appreciated.
>
> _________________________________________________________________
> Find accommodation FAST with MSN Search! http://search.msn.ie/
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

--
John Matijevic
U.S. Installation Group
Senior Network Engineer
954-969-7160 ext. 1147 (office)
305-321-6232 (cell)

• Next message: Tom Larus: "Re: How to Start Over Again ?"
• Previous message: Hough, Earl: "RE: BGP regexp - AS count"
• Maybe in reply to: Stefan Grey: "PIX ssh access"
• Next in thread: Stefan Grey: "RE: PIX ssh access"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:56 ART